问题描述

我使用的是spring-security-core，并设置了安全通道功能，这在我的开发机器上工作得很好。我在Config.groovy中找到了以下内容：

$ p $ grails.plugins.springsecurity.secureChannel.definition = [
' / order / checkout'：'REQUIRES_SECURE_CHANNEL'，
'/ order / paymentComplete'：'REQUIRES_INSECURE_CHANNEL'
]


另外，部署到Heroku时，相关的订单处理工作正常，只要，我注释掉以上几行。只要我把它们放回去，我就会得到：

我在服务器上看到很多请求，而Firebug net view显示：

我有PiggyBack SSL添加到Heroku中，并且我可以指定https：// ...地址导航到网站的其他部分，在这种情况下，浏览器将保持SSL模式。但是，如果我访问

  https：/www.momentumnow.co/order/checkout 
  

直接寻址，我得到相同的重定向循环问题。你知道问题是什么或者我可以如何进一步调试。如果是后者，请您更新评论区域，我会回复问题区域的更新。谢谢

PiggyBack SSL - 关于 grails.plugins.springsecurity.portMapper.httpPort 和 grails.plugins.springsecurity.portMapper.httpsPort 配置属性。

I'm using spring-security-core and have setup the secure-channel capabilities, which work fine on my development machine. I've got the following in Config.groovy

grails.plugins.springsecurity.secureChannel.definition = [
   '/order/checkout': 'REQUIRES_SECURE_CHANNEL',
   '/order/paymentComplete': 'REQUIRES_INSECURE_CHANNEL'
]

Also, deploying to Heroku the associated order processing works fine, as long as I comment out the above lines. As soon as I put them back in, I get:

I see many requests come in on the server, and the Firebug net view shows:

I've got the PiggyBack SSL added on to Heroku, and I'm able to specify an https://... address to navigate to other parts of the site, in which case the browser stays in SSL mode. But if I access the

https:/www.momentumnow.co/order/checkout

address directly, I get the same redirect loop problem. Do you know what the problem is or how I can debug this further. If the latter, would you please update the comment area, and I will respond with updates to the problem area. Thanks

PiggyBack SSL documentation indicates:

"Piggyback SSL will allow you to use https://yourapp.heroku.com, since it uses the *.heroku.com certification. You don't need to buy or configure a certificate, it just works. https://yourcustomdomain.com will work, but it will produce a warning in the browser."

I'll probably switch to another mode as I add a certificate, however that does not seem to be the problem, based on the previous statement.

On the server, I get:

You need to fix the values for the ports since they default to 8080 and 8443. See the section on Channel Security in the docs - http://grails-plugins.github.com/grails-spring-security-core/docs/manual/ - about the grails.plugins.springsecurity.portMapper.httpPort and grails.plugins.springsecurity.portMapper.httpsPort config attributes.

这篇关于grails - spring-security-core安全通道导致重定向循环（在Heroku上）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！